# Privacy Concerns: Automobiles Doing Data Collection



## Yooper

So a few years back I was shopping for a car and I asked the very knowledgeable dealership folks what their parent auto company's policy was with regard to collection of personal data in the module that sits underneath the driver's seat (known by various and sundry names).

They looked confused, but recovered quickly by answering "we don't do anything like that!"

However, we know that they do. How many companies is up for debate, but they do collect. (Think the Progressive Snapshot, but snapshotting without you knowing it and without any benfit to you).

Some of the Japanese/Korean companies have openly admitted it. I think it was Hyundai. BMW has admitted to it. In every case the defense was product improvement. But none of the companies ever said what exactly was collected and what was done with the data collected. Some of the companies use the "OnStar" like options their cars have to transmit data. Some, supposedly, use your personal cell phone when you connect it to the car! And there are rumors that dealerships during service visits download driver data via the OBDC port.

Ford got caught in 2014: _"Ford Still In Hot Water Over Data Collection Policies"_ I still have not been able to find a copy of Ford's privacy policy regarding this type of data.



> n the hope of avoiding further scrutiny, Ford also detailed out how the data is stored. Location data from on-board navigation systems as well as travel information from Ford’s SYNC system is kept on record – the former kept for up to several weeks on the vehicles own storage system, whilst the latter is stored for 60 days by Ford, according to the report.



Now check out this article: _"Unencrypted Video and Personal Data Stored on Teslas Raise Significant Privacy Concerns: Report" _(While I snipped a bunch, please take a look at the entire article. It'll give you a better understanding why I wrote what I wrote at the end of this post.)



> As cars continue to become more advanced and stuffed full of technology, they’ve begun to catch the attention of security researchers. One analyst in particular recently purchased a salvaged Tesla Model 3 in order to conduct a series of tests, ultimately determining that the vehicle stores massive amounts of unencrypted personal data, accessible to any individual who has physical access to the car.
> ...
> 
> Using information found in the car, the vehicle was able to be pinpointed back to its owner, a construction company based in the greater Boston area. The researchers were able to gather data stored by at least 17 different devices that had been connected to the car during its lifespan, none of which were encrypted. Data included 11 phonebooks' worth of contact information, calendar entries for the devices which paired, and even a series of email addresses. The researchers were also able to discover the last 73 locations which the driver(s) had navigated to.
> ...
> 
> A second video uncovered an earlier accident where the Model 3 sideswiped a guard rail. More video footage shows a general disregard for safety or the possibility that the person behind the wheel was driving while impaired.
> ...
> 
> Still, knowing that any individual with the right skills can reveal the final moments of a car's life could be daunting. Things people prefer to keep private—where they go, who has been in the car, or how they drive—can be exposed to the public in the blink of an eye. Celebrities and high-profile individuals in particular could shift their views of the automaker's cars should they know that their personal data could be exposed. Even individuals who oft have nothing to hide tend to change their stance once the shoe is on the other foot.



Even while driving you're being data-mined. And perhaps being tracked with potential, eventual legal consequences. Be frightened. Be very frightened.

--- End of line (MCP)


----------



## glhs837

So, we need to break out the two different aspect of this. 

1. EVDRs, most commonly referred to as "Black Boxes", named because they perform similar function to the boxes like this in aircraft, and intended to be used for the same purpose, recording is almost always restricted to a snapshot, pardon the expression, of relevant data after a crash or "near crash" event. Full ABS stop might qualify as a near crash. G loads above a certain level might indicate a crash, as some GM and Ford owners have found as rough off-roading or racetrack events have triggered airbag deployments. These systems are used by the maker to refine and improve safety systems. Crumple zone behavior, airbag deployment patterns, injuries found with different types of crashes. Data usually restricted to less than a minute, although it may be more depending on the maker. The EVDR keeps a buffer and freezes that buffer. Normally takes special, but not controlled equipment to access this data. These records are legally controlled differently depnding on your state laws. Some states require a subpoena for law enforcement to access them. Some do not. MD law only reads them in fatal crashes. There will not be any PII in this data. 

2. Then you get into the telematics, the Uconnects and OnStars and Sync and others. If people cant be bothered to find out what data the vehicle stores and ensure it's wiped, I dont have a lot of sympathy.  You shouldn't be frightened, you should be aware. Awareness is the antidote to fear. You should know you are being tracked, and how to disable that tracking. If it cant be disabled, and that bothers you, then buy something else. And dont forget your cell phone. This article speaks a bit to this data. 

https://www.washingtonpost.com/news...-spouse/?noredirect=on&utm_term=.8656f2415370


----------



## Yooper

glhs837 said:


> So, we need to break out the two different aspect of this.
> 
> 1. EVDRs, most commonly referred to as "Black Boxes", named because they perform similar function to the boxes like this in aircraft, and intended to be used for the same purpose, recording is almost always restricted to a snapshot, pardon the expression, of relevant data after a crash or "near crash" event. Full ABS stop might qualify as a near crash. G loads above a certain level might indicate a crash, as some GM and Ford owners have found as rough off-roading or racetrack events have triggered airbag deployments. These systems are used by the maker to refine and improve safety systems. Crumple zone behavior, airbag deployment patterns, injuries found with different types of crashes. Data usually restricted to less than a minute, although it may be more depending on the maker. The EVDR keeps a buffer and freezes that buffer. Normally takes special, but not controlled equipment to access this data. These records are legally controlled differently depnding on your state laws. Some states require a subpoena for law enforcement to access them. Some do not. MD law only reads them in fatal crashes. There will not be any PII in this data.
> 
> 2. Then you get into the telematics, the Uconnects and OnStars and Sync and others. If people cant be bothered to find out what data the vehicle stores and ensure it's wiped, I dont have a lot of sympathy.  You shouldn't be frightened, you should be aware. Awareness is the antidote to fear. You should know you are being tracked, and how to disable that tracking. If it cant be disabled, and that bothers you, then buy something else. And dont forget your cell phone. This article speaks a bit to this data.
> 
> https://www.washingtonpost.com/news...-spouse/?noredirect=on&utm_term=.8656f2415370


Thanks for the reply.

I get it; don't be frightened, be proactive.

But that only works when companies tell you what they are collecting and how I can opt out of what the want to collect. But they don't. Very similar, to my mind, to what Alpahabet (Google) does when they continue to track you (location, data, etc.) even if you've done everything you can to turn that tracking off. I have asked, I have bothered to find out. But what I am really bothered about is the lack of transparency and forthcomingness.

And then there's the problem of what the companies actually do with the data. So even if MD only reads them in fatal crashes, who else is? Why the lack of transparency?

Continuing on this line (i.e., transparency) why won't companies tell you if the car has external auto shut-off installed? You wouldn't need to subscribe to OnStar to have that function on your car (and we know certain car companies out there have installed these non-subscriber auto shut-offs). Why won't companies step up and provide a statement to buyers that no such tech exists or if it does, how to disable it (or at least find out how it works)?

Couple this with software developers claiming that not only does the owner not own the Black Box neither do the auto companies as the code in the black box is merely licensed to the users (the auto company being the intermediate user and the owner being the end user). So these folks are going to tell me I don't own my car?

So, yes, as I noted it does bother me. And yes, I have taken steps to mitigate. But is this how it's gonna be? That we accept the Police/Surveillance State as the norm? That I'm going to pay $75k for a premium auto only to be told it's really not mine? That's what really bothers me.

--- End of line (MCP)


----------



## glhs837

The govt aspect and the private company aspect are two different things. Here's a bit more information. 

https://www.thetruthaboutcars.com/2016/06/owns-vehicles-crash-data/


----------



## Yooper

glhs837 said:


> The govt aspect and the private company aspect are two different things. Here's a bit more information.
> 
> https://www.thetruthaboutcars.com/2016/06/owns-vehicles-crash-data/


Great article. Thank you.

My first take is that it still doesn't go far enough. I'm not talking about data collection as a result of a crash. I'm talking about routine collection that I suspect just about every car company does/is doing, but only a few have been willing to talk about.

Perhaps I'm not seeing the issue correctly. But I suspect it may instead be the case that we see the issue differently and I attach more malice/malicious significance to all of this than you (or others) do.

I'll perhaps add to this thread after I go back and more thoroughly read your link.

Again, thanks.

--- End of line (MCP)


----------



## glhs837

Last time I really looked into this subject in depth was a few years back, when my fellow Charger owners were up in arms about the intrusive safety systems. To them, the then last gen Mercedes Conti-Teves MK25 ABS/TCS/ESP system was a huge buzzkill, earning it the name of HAL. So I'm much more in tune with the EVDR side of things than the telematics. I follow Tesla because I own a few shares. I also follow the "Right to repair" a bit. 

There is indeed work to be done to corral and protect the telematics data being gathered. I've no problem with it being properly anonymized and then used for research, knowledge is power after all. But PII should be controlled. Most rental cars I climb into have multiple previous renters phone data in there.


----------



## Yooper

More fuel to feed my paranoia.

glhs837; very interested in your thoughts, musings....



> The European Union has decreed — _fatwa’d_— that beginning with the 2022 model year, all new cars shall be electronically gelded, forced by software to hew to every speed limit, all the time.
> 
> ​The same software — and hardware — that probably two-thirds of all new cars sold here _already have _— merely awaiting activation.
> 
> Helpful, convenient GPS mapping — so much easier than having to read and handle a paper map, as people used to.
> 
> Helpful, convenient “driver assists” — such as the little cameras that enable your car to automatically brake itself when those electronic eyes see another car up ahead, moving more slowly than your car. These cameras also see — and know, via the GPS mapping data, updated regularly — what the speed limit is on every road you drive.
> 
> And the car knows exactly how _fast _you are driving, in real time — all the time.
> 
> See the helpful little icon on the touchscreen? The one that looks just like a speed limit sign? Watch it change from 45 to 35, as the speed limit on the road you’re driving on changes. Now watch as it turns angry red, to warn you that you are driving faster — even if only by 1 MPH — than the posted speed limit.





> You can be certain, by the way, that the speed of the armored chariots of the elite — EU and U.S. — will _not _be limited in any manner whatsoever.
> 
> This being about controlling our mobility — never theirs.
> 
> “Safety” has as much to do with this as the TSA has to do with catching “terrorists.”
> 
> It’s _us _they’re out to catch — and not for “speeding.” That’s merely the _pretext _— just the same as “terrorists” at the airport and “drunks” at checkpoints.
> 
> Your Libertarian Car Guy has been telling you so for years — and here, at last, it is.



More at (link): _"The Tsunami Approaches"_

--- End of line (MCP)


----------



## glhs837

Do I think this is done for nefarious purposes? No, not really. Which doesn't mean the ends are not, however. Standard Euro nanny state crap writ larger. All based on the outdated "speed kills" mantra that our own govt disproved a while back. You could save far more lives by severely punishing poor and or distracted drivers. Pretty much continuing the march towards the end of driving as we know it. Inevitable, sadly. And I"ll always have one analog car in the stable. My own personal Red Barchettta, which song foretold this a long time ago.......


----------



## GURPS

glhs837 said:


> And I"ll always have one analog car in the stable.




69 VW Beetle


----------



## glhs837

GURPS said:


> 69 VW Beetle



Not quite that anolog  Although there is a 73 F100 awaiting my attentions. The ones I have in mind are the twin 98/99 BMW convertibles. I do love me some ABS.


----------



## nwtnanne

they can track it? i mean it supposed to private right?


----------

